<?php
include("../contents.php");
include("../security.php");
include("../settings.php");
include("../database.php");
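if (Contents::presence_rights($_GET["pres"])) {
	/*
	 * Administration page for the web users and web groups of one presence.
	 *
	 * Request parameters read below:
	 *   GET  pres                  presence the page operates on
	 *   GET  deluser / delgroup    id of a row to delete
	 *   GET  edituser / editgroup  id of a row to load into the form and,
	 *                              together with POST data, to update
	 *   GET  showpass              when set, the password field is rendered as text
	 *   POST username, password, gruppe, groupname   form values
	 *
	 * All of these come straight from the request, so each value is escaped
	 * for the context it is written into: mysql_real_escape_string() for SQL
	 * string literals, urlencode() for query-string values, htmlspecialchars()
	 * for HTML text and attributes.
	 *
	 * NOTE(review): security.php and database.php are not visible from this
	 * file. If request data is already slash-escaped before it gets here
	 * (magic_quotes_gpc or a global filter), strip that first; otherwise names
	 * containing quotes are stored with an extra backslash.
	 * NOTE(review): deletion is triggered by a plain GET request and neither
	 * form carries an anti-CSRF token. Fixing that needs a per-session token,
	 * for which this file has no infrastructure.
	 * NOTE(review): passwords are written to the "passwort" column exactly as
	 * typed and echoed back into the edit form. Moving to password_hash() /
	 * password_verify() also means changing the login code, which is not part
	 * of this file.
	 */
	$tbl_users=$GLOBALS["db_pref"] ."webusers";
	$tbl_groups=$GLOBALS["db_pref"] ."webusers_groups";
	$pres_sql=mysql_real_escape_string((string) $_GET["pres"]);
	$pres_url=urlencode((string) $_GET["pres"]);
	// PHP_SELF includes client-supplied PATH_INFO; SCRIPT_NAME does not.
	$self_url=$_SERVER["SCRIPT_NAME"];
	// ENT_SUBSTITUTE only exists from PHP 5.4 on; it keeps invalid byte
	// sequences from turning the whole string into "".
	$html_flags=ENT_QUOTES | (defined("ENT_SUBSTITUTE") ? ENT_SUBSTITUTE : 0);
	$show_pass=isset($_GET["showpass"]);

	if (!empty($_GET["deluser"])) {
		mysql_query("DELETE FROM ". $tbl_users ." WHERE id='". mysql_real_escape_string((string) $_GET["deluser"]) ."' and presence='". $pres_sql ."'");
	}

	if (!empty($_GET["delgroup"])) {
		mysql_query("DELETE FROM ". $tbl_groups ." WHERE id='". mysql_real_escape_string((string) $_GET["delgroup"]) ."' and presence='". $pres_sql ."'");
	}

	$groupname_sql=isset($_POST["groupname"]) ? mysql_real_escape_string((string) $_POST["groupname"]) : "";

	// Create a group, unless one with the same name already exists in this presence.
	if(!empty($_POST["groupname"]) && !isset($_GET["editgroup"])) {
		$group_exists=mysql_query("SELECT id FROM ". $tbl_groups ." WHERE name='". $groupname_sql ."' and presence='". $pres_sql ."'");
		if (mysql_num_rows($group_exists)==0) {
			mysql_query("INSERT INTO ". $tbl_groups ." SET name='". $groupname_sql ."', presence='". $pres_sql ."'");
		} else {
		?>
		<script language="JavaScript" type="text/javascript">
		alert("Dieser Gruppenname existiert bereits.");
		</script>
		<?php
		}
	}

	// Rename a group (when POST data is present) and load it into the form.
	// The group row and the user row live in separate variables so that a
	// request carrying both editgroup and edituser cannot mix them up.
	$editgroup=0;
	$row_edit_group=null;
	if(!empty($_GET["editgroup"])) {
		$editgroup_sql=mysql_real_escape_string((string) $_GET["editgroup"]);
		if(!empty($_POST["groupname"])) {
			mysql_query("UPDATE ". $tbl_groups ." SET name='". $groupname_sql ."' WHERE id='". $editgroup_sql ."' and presence='". $pres_sql ."'");
			if (mysql_affected_rows()==1) {
			?>
			<script language="JavaScript" type="text/javascript">
			alert("Die Daten wurden erfolgreich gespeichert.");
			</script>
			<?php
			} else {
			?>
			<script language="JavaScript" type="text/javascript">
			alert("Es wurden keine Daten aktualisiert.");
			</script>
			<?php
			}
		}

		$editagroup=mysql_query("SELECT * FROM ". $tbl_groups ." WHERE id='". $editgroup_sql ."' and presence='". $pres_sql ."'");
		if (mysql_num_rows($editagroup)==1) {
			$row_edit_group=mysql_fetch_object($editagroup);
			$editgroup=1;
		}
	}

	$username_sql=isset($_POST["username"]) ? mysql_real_escape_string((string) $_POST["username"]) : "";
	$password_sql=isset($_POST["password"]) ? mysql_real_escape_string((string) $_POST["password"]) : "";
	$gruppe_sql=isset($_POST["gruppe"]) ? mysql_real_escape_string((string) $_POST["gruppe"]) : "";

	// Create a user, unless the user name is already taken in this presence.
	if(!empty($_POST["username"]) && !isset($_GET["edituser"])) {
		$user_exists=mysql_query("SELECT id FROM ". $tbl_users ." WHERE username='". $username_sql ."' and presence='". $pres_sql ."'");
		if (mysql_num_rows($user_exists)==0) {
			mysql_query("INSERT INTO ". $tbl_users ." SET username='". $username_sql ."', passwort='". $password_sql ."', gruppe='". $gruppe_sql ."', presence='". $pres_sql ."'");
		} else {
		?>
		<script language="JavaScript" type="text/javascript">
		alert("Dieser Benutzername existiert bereits.");
		</script>
		<?php
		}
	}

	// Update a user (when POST data is present) and load it into the form.
	$edituser=0;
	$row_edit_user=null;
	if(!empty($_GET["edituser"])) {
		$edituser_sql=mysql_real_escape_string((string) $_GET["edituser"]);
		if(!empty($_POST["username"])) {
			mysql_query("UPDATE ". $tbl_users ." SET username='". $username_sql ."', passwort='". $password_sql ."', gruppe='". $gruppe_sql ."' WHERE id='". $edituser_sql ."' and presence='". $pres_sql ."'");
			if (mysql_affected_rows()==1) {
			?>
			<script language="JavaScript" type="text/javascript">
			alert("Die Daten wurden erfolgreich gespeichert.");
			</script>
			<?php
			} else {
			?>
			<script language="JavaScript" type="text/javascript">
			alert("Es wurden keine Daten aktualisiert.");
			</script>
			<?php
			}
		}

		$editauser=mysql_query("SELECT * FROM ". $tbl_users ." WHERE id='". $edituser_sql ."' and presence='". $pres_sql ."'");
		if (mysql_num_rows($editauser)==1) {
			$row_edit_user=mysql_fetch_object($editauser);
			$edituser=1;
		}
	}

	// URLs used by the two forms and the show/hide-password link. They are
	// assembled here from encoded parts and HTML-escaped where they are printed.
	$user_form_action=$self_url ."?". (($edituser==1) ? "edituser=". urlencode($row_edit_user->id) ."&" : "") ."pres=". $pres_url;
	$group_form_action=$self_url ."?". (($editgroup==1) ? "editgroup=". urlencode($row_edit_group->id) ."&" : "") ."pres=". $pres_url;
	$showpass_href="";
	if ($edituser==1) {
		$showpass_href=$self_url ."?edituser=". urlencode($row_edit_user->id) . ($show_pass ? "" : "&showpass=1") ."&pres=". $pres_url;
	}

	echo "<"."?xml version=\"1.0\"?".">";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de">
  <head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
    <title><?php echo getsetting("sitename"); ?> - Administration</title>
    <link media="screen" rel="stylesheet" href="css/style.css" type="text/css" />
    <script src="js/scripts.js" type="text/javascript"></script>
  </head>

  <body id="editgrey">
   	<div id="overview">
   	  <h1>Alle Webbenutzer &amp; -gruppen</h1>
   	  <img src="images/dir_symbol.gif" width="64" height="64" alt="" style="padding-right:20px;float:left;" />
   	  Bearbeiten Sie hier die Webbenutzer und die dazugeh&ouml;hrigen Webgruppen.<br /><br />
   	  Webgruppen werden in Content-Seiten eingebunden, um festzulegen, ob jemand ein Content-Dokument betrachten darf.
   	  <br style="clear:both;" />
    </div>
    <div id="edit">
  	<p id="pageheadline">Webbenutzer</p>
    	<table style="width:100%;padding:0px; margin:0px;border-top:0px;border-left:1px solid #aaaaaa;border-right:1px solid #aaaaaa;border-bottom:1px solid #aaaaaa; background-color:#ffffff" cellpadding="0" cellspacing="0">
    		<tr>
    			<th class="left" width="370" align="left">Benutzername</th>
   				<th class="standard" width="80" align="center">Bearbeiten</th>
   				<th class="standard" width="50" align="center">L&ouml;schen</th>
    		</tr>
    		<?php
    		$query_users=mysql_query("SELECT id, username FROM ". $tbl_users ." where presence='". $pres_sql ."' order by username");
    		while ($query_users && ($row_user=mysql_fetch_object($query_users))) {
    			$edit_href=$self_url ."?edituser=". urlencode($row_user->id) ."&pres=". $pres_url;
    			$delete_url=$self_url ."?deluser=". urlencode($row_user->id) ."&pres=". $pres_url;
    			// The delete call sits in onclick rather than a javascript: href:
    			// a javascript: URL is percent-decoded before it runs, which would
    			// undo the urlencode() applied to the pres value.
    			?>
    			<tr onmouseover="setbgcolor(this, '#eeeeee')" onmouseout="setbgcolor(this, '#ffffff')">
    				<td class="tdnormal"><?php echo htmlspecialchars($row_user->username, $html_flags, "UTF-8"); ?></td>
    				<td class="tdnormal" style="text-align:center;"><a href="<?php echo htmlspecialchars($edit_href, $html_flags, "UTF-8"); ?>"><img src="images/edit.gif" style="border:0px;width:12px;height:16px;" /></a></td>
    				<td class="tdnormal" style="text-align:center;"><a href="#" onclick="askdelete(<?php echo htmlspecialchars(json_encode($delete_url), $html_flags, "UTF-8"); ?>); return false;"><img src="images/delete_small.gif" style="border:0px;width:14px;height:14px;" /></a></td>
    			</tr>
    			<?php
    		}
    		?>
    	</table><br />
    	<p id="pageheadline2">Benutzer anlegen/bearbeiten</p>
    	<form action="<?php echo htmlspecialchars($user_form_action, $html_flags, "UTF-8"); ?>" method="post">
    	  <table style="width:100%;padding:0px; margin:0px;border-top:0px;border-left:1px solid #aaaaaa;border-right:1px solid #aaaaaa;border-bottom:1px solid #aaaaaa; background-color:#ffffff" cellpadding="0" cellspacing="0">
    	    <tr onmouseover="setbgcolor(this, '#eeeeee')" onmouseout="setbgcolor(this, '#ffffff')">
    	      <td width="200" class="tdnormal" style="padding:5px;">Benutzername</td>
    	      <td class="tdnormal" style="padding-left:15px;"><input type="text" name="username" value="<?php echo ($edituser==1) ? htmlspecialchars($row_edit_user->username, $html_flags, "UTF-8") : ""; ?>"></td>
    	    </tr>
    	    <tr onmouseover="setbgcolor(this, '#eeeeee')" onmouseout="setbgcolor(this, '#ffffff')">
    	      <td class="tdnormal" style="padding:5px;">Passwort</td>
    	      <td class="tdnormal" style="padding-left:15px;"><input type="<?php echo $show_pass ? "text" : "password"; ?>" name="password" value="<?php echo ($edituser==1) ? htmlspecialchars($row_edit_user->passwort, $html_flags, "UTF-8") : ""; ?>"> <?php if ($edituser==1) { ?><a href="<?php echo htmlspecialchars($showpass_href, $html_flags, "UTF-8"); ?>" class="small">Passwort <?php echo $show_pass ? "verstecken" : "anzeigen"; ?></a> <?php } ?></td>
    	    </tr>
    	    <tr onmouseover="setbgcolor(this, '#eeeeee')" onmouseout="setbgcolor(this, '#ffffff')">
    	      <td class="tdnormal" style="padding:5px;">Gruppe</td>
    	      <td class="tdnormal" style="padding-left:15px;">
    	      	<select size="1" name="gruppe">
    	      	<?php
    	      	$query_groups=mysql_query("SELECT id, name FROM ". $tbl_groups ." where presence='". $pres_sql ."' order by name");
    	      	while ($query_groups && ($row_group=mysql_fetch_object($query_groups))) {
    			?>
    	      		<option value="<?php echo htmlspecialchars($row_group->id, $html_flags, "UTF-8"); ?>" <?php if($edituser==1 && $row_edit_user->gruppe==$row_group->id) { echo "selected=\"selected\"";} ?>><?php echo htmlspecialchars($row_group->name, $html_flags, "UTF-8"); ?></option>
    	      	<?php
    	      	}
    	      	?>
    	      	</select>
    	      </td>
    	    </tr>
    	  </table><br />
    	  <input type="submit" value="Speichern" />
    	</form>
    	<br />
    	<p id="pageheadline">Webgruppen</p>
    	<table style="width:100%;padding:0px; margin:0px;border-top:0px;border-left:1px solid #aaaaaa;border-right:1px solid #aaaaaa;border-bottom:1px solid #aaaaaa; background-color:#ffffff" cellpadding="0" cellspacing="0">
    		<tr>
    			<th class="left" width="375" align="left">Name</th>
   				<th class="standard" width="75" align="center">Bearbeiten</th>
   				<th class="standard" width="50" align="center">L&ouml;schen</th>
    		</tr>
    		<?php
    		$query_groups=mysql_query("SELECT id, name FROM ". $tbl_groups ." where presence='". $pres_sql ."' order by name");
    		while ($query_groups && ($row_group=mysql_fetch_object($query_groups))) {
    			$edit_href=$self_url ."?editgroup=". urlencode($row_group->id) ."&pres=". $pres_url;
    			$delete_url=$self_url ."?delgroup=". urlencode($row_group->id) ."&pres=". $pres_url;
    			?>
    			<tr onmouseover="setbgcolor(this, '#eeeeee')" onmouseout="setbgcolor(this, '#ffffff')">
    				<td class="tdnormal"><?php echo htmlspecialchars($row_group->name, $html_flags, "UTF-8"); ?></td>
    				<td class="tdnormal" style="text-align:center;"><a href="<?php echo htmlspecialchars($edit_href, $html_flags, "UTF-8"); ?>"><img src="images/edit.gif" style="border:0px;width:12px;height:16px;" /></a></td>
    				<td class="tdnormal" style="text-align:center;"><a href="#" onclick="askdelete(<?php echo htmlspecialchars(json_encode($delete_url), $html_flags, "UTF-8"); ?>); return false;"><img src="images/delete_small.gif" style="border:0px;width:14px;height:14px;" /></a></td>
    			</tr>
    			<?php
    		}
    		?>
    	</table>
    	<p id="pageheadline2">Gruppe anlegen/bearbeiten</p>
    	<form action="<?php echo htmlspecialchars($group_form_action, $html_flags, "UTF-8"); ?>" method="post">
    	  <table style="width:100%;padding:0px; margin:0px;border-top:0px;border-left:1px solid #aaaaaa;border-right:1px solid #aaaaaa;border-bottom:1px solid #aaaaaa; background-color:#ffffff" cellpadding="0" cellspacing="0">
    	    <tr>
    	      <td width="200" class="tdnormal" style="padding:5px;">Name</td>
    	      <td class="tdnormal" style="padding-left:15px;"><input type="text" name="groupname" value="<?php echo ($editgroup==1) ? htmlspecialchars($row_edit_group->name, $html_flags, "UTF-8") : ""; ?>"></td>
    	    </tr>
    	  </table><br />
    	  <input type="submit" value="Speichern" />
    	</form>
    </div>
  </body>
</html>
<?php
}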
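/**
 * Build the <option> elements for the navigation tree of one presence.
 *
 * Reads the non-deleted rows of the "navigation" table whose "subof" equals
 * $startid and recurses into each row, so children follow their parent and
 * are indented by two &nbsp; per level.
 *
 * @param mixed $presence value matched against the "presence" column
 * @param mixed $startid  id of the parent entry to start from
 * @param int   $level    current depth, used only for the indentation
 * @param mixed $active   id of the entry to mark as selected
 * @return string HTML fragment, "" when the query fails or matches nothing
 */
function get_navigations($presence, $startid=0, $level=0, $active=0) {
	// ENT_SUBSTITUTE only exists from PHP 5.4 on.
	$html_flags=ENT_QUOTES | (defined("ENT_SUBSTITUTE") ? ENT_SUBSTITUTE : 0);

	// Both values end up inside SQL string literals; escape them here so the
	// function is safe no matter where the caller got them from.
	$navs=mysql_query("SELECT name, id FROM ". $GLOBALS["db_pref"] ."navigation WHERE subof='". mysql_real_escape_string((string) $startid) ."' and deleted='0' and presence='". mysql_real_escape_string((string) $presence) ."'");
	if (!$navs) {
		return "";
	}

	$space=str_repeat("&nbsp;&nbsp;", max(0, (int) $level));
	$snav="";
	while ($navrow=mysql_fetch_object($navs)) {
		$select=($active==$navrow->id) ? " selected=\"selected\"" : "";
		// NOTE(review): whether names are stored raw or already entity-encoded
		// cannot be seen from here; double_encode=false leaves existing
		// entities alone and still neutralises markup characters.
		$snav.="<option". $select ." value=\"". htmlspecialchars((string) $navrow->id, $html_flags, "UTF-8") ."\">". $space . htmlspecialchars((string) $navrow->name, $html_flags, "UTF-8", false) ."</option>\n";
		$snav.=get_navigations($presence, $navrow->id, ($level + 1), $active);
	}
	return $snav;
}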

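/**
 * Build the <optgroup>/<option> elements for the document tree of one presence.
 *
 * Each non-deleted row of "content_dirs" below $startid becomes an <optgroup>;
 * the non-deleted documents of that directory with checkin_by > 0 become its
 * <option> elements, followed by the output for its sub-directories.
 *
 * @param mixed $presence value matched against the "presence" column
 * @param mixed $startid  id of the parent directory to start from
 * @param int   $level    current depth, used only for the indentation
 * @param mixed $active   id of the document to mark as selected
 * @return string HTML fragment, "" when the directory query fails or matches nothing
 */
function get_documents($presence, $startid=0, $level=0, $active=0) {
	// ENT_SUBSTITUTE only exists from PHP 5.4 on.
	$html_flags=ENT_QUOTES | (defined("ENT_SUBSTITUTE") ? ENT_SUBSTITUTE : 0);

	// Both values end up inside SQL string literals; escape them here so the
	// function is safe no matter where the caller got them from.
	$navs=mysql_query("SELECT name, id FROM ". $GLOBALS["db_pref"] ."content_dirs WHERE subof='". mysql_real_escape_string((string) $startid) ."' and deleted='0' and presence='". mysql_real_escape_string((string) $presence) ."'");
	if (!$navs) {
		return "";
	}

	$space=str_repeat("&nbsp;&nbsp;", max(0, (int) $level));
	$snav="";
	while ($navrow=mysql_fetch_object($navs)) {
		// NOTE(review): whether names and titles are stored raw or already
		// entity-encoded cannot be seen from here; double_encode=false leaves
		// existing entities alone and still neutralises markup characters.
		$snav.="<optgroup label=\"". $space . htmlspecialchars((string) $navrow->name, $html_flags, "UTF-8", false) ."\">\n";

		$dirdocs=mysql_query("SELECT id, pagetitle, id2 FROM ". $GLOBALS["db_pref"] ."content_documents WHERE ofdir='". mysql_real_escape_string((string) $navrow->id) ."' and deleted='0' and checkin_by>0");
		while ($dirdocs && ($docrow=mysql_fetch_object($dirdocs))) {
			$select=($active==$docrow->id) ? " selected=\"selected\"" : "";
			$snav.="<option". $select ." value=\"". htmlspecialchars((string) $docrow->id, $html_flags, "UTF-8") ."\">". $space . htmlspecialchars((string) $docrow->pagetitle, $html_flags, "UTF-8", false) ."</option>\n";
		}

		$snav.=get_documents($presence, $navrow->id, ($level + 1), $active);
		$snav.="</optgroup>";
	}
	return $snav;
}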
?>